application-security
Safeguard articles tagged "application-security" — guides, analysis, and best practices for software supply chain and application security.
613 articles
The LLM Application Security Checklist (2026)
You are shipping an LLM feature. Before it goes live, walk this checklist — organized around the OWASP Top 10 for LLM Applications — to catch the risks that matter most in production.
Securing Express Applications: A Layered Playbook
Express gives you almost no security by default. This playbook layers the middleware, headers, rate limits, session hardening, and input validation that turn a bare Express app into a defensible one — with Express 5 in mind.
How to Prevent Prototype Pollution in JavaScript
Prototype pollution turns a single crafted JSON key into process-wide corruption — and it has escalated to RCE in real Node.js apps. Here is how the attack works and four layers of defense that stop it.
CodeQL default setup vs advanced setup for code scanning
CodeQL's default setup is fast but limited; advanced setup adds control but more YAML to maintain. Here's how the two compare, and where Safeguard fits in.
An Application Security Learning Path for 2026
A phase-by-phase learning path into application security, built for students and career-changers. Foundations, offense, defense, tooling, and a portfolio—mostly free, and structured so you always know the next step.
Preventing SSRF in Node.js Applications
Server-Side Request Forgery is the bug that turns a harmless URL field into a doorway to your cloud metadata service. Here is how SSRF works in Node.js and how to shut it down with allowlists and DNS-safe validation.
Secret scanning coverage: GHAS's ~200 patterns vs broader...
GHAS matches secrets against ~200 partner patterns. We break down where that coverage ends and how Safeguard's layered detection catches what pattern lists miss.
Application Security FAQ: A 2026 Guide
Clear answers to common application security questions in 2026 — what AppSec covers, how SAST, DAST, and SCA differ, the role of the OWASP Top 10, and how to prioritize fixes.
ASP.NET Core Security Checklist for Production
A production-ready ASP.NET Core security checklist covering authentication, headers, HTTPS, antiforgery, rate limiting, and data protection, with the exact configuration for .NET 8 and .NET 9.
The Best Application Security Certifications in 2026
Which AppSec certifications are actually worth your time and money? A candid guide for students and career-changers on entry-level, specialist, and free certifications—and how to pair them with the evidence hiring managers really want.
JavaScript Security: The Common Pitfalls That Keep Burning Teams
The recurring JavaScript security mistakes that show up in real breaches — unsafe deserialization, injection sinks, prototype pollution, and trusting client input — each with vulnerable and fixed code.
OWASP A04: Insecure Design — A Deep-Dive Guide
Insecure Design is a new OWASP Top 10 (2021) category at #4. A deep dive into design flaws vs implementation bugs, threat modeling, real cases, and prevention.